I have a k3s cluster with calico pods calico-node-xxx
& calico-kube-controllers-xxx
running in kube-system namespace. I am using calico.yaml config in my project.
Now, I want these images in calico.yaml to be pulled from my ACR repo instead of docker.io
repo. So I tagged & pushed these images in my ACR repo and changed the images path in calico manifest yaml file (for e.g. myacrrepo.io/calico/node:v3.17.1
), so that pods can pull image from ACR repo.
But where should I mention credentials of ACR repo in calico manifest file, as without credential (username/password/hostname) the pod is failing with error x509: certificate signed by unknown authority
.
Can someone let me know that where in calico.yaml, ACR repo credential shall I add (and what is the syntax for providing credential in calico.yaml
because for dockr.io images no credentials are mentioned in calico.yaml
which I can replace with my ACR repo credentials) ?
If you want to use a private container registry then you have to create an imagePullSecret. Microsoft explained here on how to do that for ACR.
Once you have created the imagePullSecret add it to the pod spec
as outlined the section 'Use the image pull secret' of the documenation.
This imagePullSecret is not necessary for docker.io, since docker.io is a public registry and imagePullSecrets are only needed for private registries.